731 posts
  • Elite Author
  • Attended a Community Meetup
  • Has been a member for 4-5 years
  • Sold between 100 000 and 250 000 dollars
  • Bought between 50 and 99 items
  • Exclusive Author
  • Most Wanted Bounty Winner
+2 more
mordauk says

Yes, I agree that they should have, but I can also tell you that moving away from amember is a serious pain. I’ve had to do it before and it is excruciatingly difficult.

The main reason it is hard is because you have thousands of live PayPal subscriptions, which, due to limitations of PayPal and Amember, cannot be simply moved to a new system. In order to move to a new system, you have to work out ways to “steal” the subscriptions away from amember.

I know this because I’m trying to move a really old site away from amember right now, and I know several other people doing the same thing.

731 posts
  • Elite Author
  • Attended a Community Meetup
  • Has been a member for 4-5 years
  • Sold between 100 000 and 250 000 dollars
  • Bought between 50 and 99 items
  • Exclusive Author
  • Most Wanted Bounty Winner
+2 more
mordauk says

Yes, I agree that they should have, but I can also tell you that moving away from amember is a serious pain. I’ve had to do it before and it is excruciatingly difficult.

Oh, and that’s not to say that it being a serious pain is a good enough reason to not do it, because that’s definitely not the case.

629 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 4-5 years
  • Sold between 100 and 1 000 dollars
Thecodingdude says

I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net. It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

7197 posts
  • Exclusive Author
  • Has been a member for 5-6 years
  • Sold between 10 000 and 50 000 dollars
  • Envato Studio (Microlancer) Beta Tester
  • Beta Tester
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Author had a Free File of the Month
  • Bought between 50 and 99 items
  • Referred between 10 and 49 users
+1 more
doru says

when you build a website you plan with security in mind.

this amember or whatever store passwords as plain text?

you don’t use it!

731 posts
  • Elite Author
  • Attended a Community Meetup
  • Has been a member for 4-5 years
  • Sold between 100 000 and 250 000 dollars
  • Bought between 50 and 99 items
  • Exclusive Author
  • Most Wanted Bounty Winner
+2 more
mordauk says


I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net. It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.
Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

629 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 4-5 years
  • Sold between 100 and 1 000 dollars
Thecodingdude says



I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net. It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.
Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.
I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

Envato patched the issue within 48 hours, don’t give me bullshit about it being difficult. Yeah, it is when you’ve got an entire team of useless “developers”.

Envato have had over 6 months to patch the issue, instead they wait for the breach to happen and then update it – do you see the logic because I certainly don’t?

594 posts
  • Author had a File in an Envato Bundle
  • Envato Studio (Microlancer) Beta Tester
  • Exclusive Author
  • Has been a member for 4-5 years
  • Referred between 10 and 49 users
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Sold between 10 000 and 50 000 dollars
designcise says

i hope the marketplace passwords are encrypted using a custom algorithm and not something that can easily be reversed :P (such as md5 etc.)

2959 posts
  • Football Contest Participant/Runner-up
  • Australia
  • Community Moderator
  • Elite Author
  • Author had a Free File of the Month
  • Most Wanted Bounty Winner
  • Author had a File in an Envato Bundle
  • Has been a member for 5-6 years
  • Contributed a Blog Post
+11 more
dtbaker Volunteer moderator says

:-/

anywho good to see the tuts+ team have the website back up and running now: http://tutsplus.com

hats off for been transparent about the issue and not covering it up like most other compromised sites would.

5766 posts
  • Exclusive Author
  • Author had a File in an Envato Bundle
  • Elite Author
  • Has been a member for 6-7 years
  • Sold between 100 000 and 250 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • India
+3 more
VF says

@dtbaker, I would say it is a safety measure rather than transparency. Don’t praise people on wrong times. If the hackers do bad things with the member data, someday this thing may come out by itself with different kind of pressure. So as of now, they did what should be done to reduce/avoid the potential damage. Do we know how many members missed to understand this thing happened and they supposed to change something on somewhere?

Edit: dtbaker, just quoting your comment because, from pure technical perspectives Envato really deserve more critics rather than comparisons with different sites to convince everything going well.

731 posts
  • Elite Author
  • Attended a Community Meetup
  • Has been a member for 4-5 years
  • Sold between 100 000 and 250 000 dollars
  • Bought between 50 and 99 items
  • Exclusive Author
  • Most Wanted Bounty Winner
+2 more
mordauk says




I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net. It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.
Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.
I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

Envato patched the issue within 48 hours, don’t give me bullshit about it being difficult. Yeah, it is when you’ve got an entire team of useless “developers”.

Envato have had over 6 months to patch the issue, instead they wait for the breach to happen and then update it – do you see the logic because I certainly don’t?

Dude, not trying to start a war. Just because it can be done in 48 hours does not mean it isn’t extremely difficult. They have a large development team with a ton of skill. It’s obvious they can (they did) do it.

Anyhow, I NEVER said it shouldn’t have happened a long time ago.

And please, come on, don’t call Envato developers useless. Not fixing the security breach was a mistake higher up. If it wasn’t for the fantastic Envato devs, we wouldn’t have these great marketplaces.

by
by
by
by
by
by